Nearly two-dozen bugs easily found in critical infrastructure software